Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
549
Views
0
Helpful
3
Replies

Static Nate Rule

KennyAlsic
Level 1
Level 1

‎06-03-2010 06:15 AM - edited ‎03-11-2019 10:54 AM

Dear,

When I try to add a second item to the source of a static nat rule, it replaces the original source item. Even if I try to add an extra static nat rule with a different source natted to the same destination IP, it asks me to replace the original rule.

I also tried to expand the source from one ip to /24 network but in this case I get an error the subnetmask of source and destination (/32) are not equal.

Any idea how I can allow two source ip addresses translated to one Ipadress over one interface?

The firewall is a Cisco ASA5520 running software version 8.0(3)

Any help really appreciated.

Kind regards,

Kenny

Labels:
0 Helpful
3 Replies 3

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎06-03-2010 06:23 AM

Kenny,

You cannot translate the same internal IP address to two different IP address statically, for example, the below command won't work:

static (in,out) 200.1.1.1 10.1.1.1

static (in,out) 200.1.1.2 10.1.1.1  --> you will get an overlapping error here

The reason it does not work is because the ASA won't know to which address translate 10.1.1.1 (because you have two static rules).

What you can do though is use static PAT:

static (in,out) tcp 200.1.1.1 80 10.1.1.1 80

static (in,out) tcp 200.1.1.2 25 10.1.1.1 25

The first line you're translating the internal 10.1.1.1 to 200.1.1.1 when using TCP port 80

The second line you're translating the same internal 10.1.1.1 to 200.1.1.2 when using TCP port 25... and so on...

Let me know if it helps.

Federico.

0 Helpful

KennyAlsic
Level 1
Level 1
In response to Federico Coto Fajardo

‎06-03-2010 06:34 AM

Federico,

Thanks for the quick reply, but that was not the thing I am looking for ... maybe my question was not clear. Here it comes again:

I need to translate two different internal ipaddresses to another ipaddress.

Kind regards,

Kenny

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to KennyAlsic

‎06-03-2010 06:56 AM

Kenny,

Sorry for the misunderstanding, but the same rule applies.

You cannot translate two different internal IP addresses to the same outside IP adress statically (only using STATIC PAT)

Normally this is desired when say, you have two internal servers and one listens on one port and the other one on a different port and you want to map them both to the same outside IP.

This can be done with static PAT.

Federico.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card